Acumin, an international recruitment specialist, focuses on areas such as information security and risk management, governance and compliance, penetration testing, forensics, and business continuity management.

With information security and risk management teams spread out across the UK, Europe and the United States, Acumin has its finger on the pulse of the industry, particularly as it relates to developments in Europe.

InfoSec Institute recently conducted an interview with two professionals from London, England-based Acumin’s end user and security consultancy team – Senior Resourcer Ryan Farmer and Managing Consultant Scott West – to get the company’s take on certain issues relevant to the information security industry.

Ryan Farmer

InfoSec: What positions are currently in demand?

Farmer: Hybrid technical-strategic roles, which align enterprise security architecture and solutions to business needs. [Companies are also looking for] candidates with deeply technical backgrounds who are business-facing and capable of articulating security as more than a compliance checklist. Application security experts in the UK are severely lacking. Failure to bake security in through the development process, coupled with programming functions being traditionally offshored, has resulted in a real lack of deep experts and bidding wars between employers for those at higher levels.

InfoSec: For which positions is demand dying?

West: Pure-play network security engineers are less in demand now, particularly within end users, with organizations typically seeking technical personnel with knowledge across multiple domains.

West: Communicating value of security, strong stakeholder management and process engagement, and those that are able to work across multiple projects and programs.

InfoSec: What technologies are most in demand?

Farmer: Those that focus on protecting data. Often there is a focus…establishing a DMZ, when really we are in information security, and that is what should be protected. So we are seeing a lot more projects around DLP; monitoring of networks, files and databases; threat mitigation; and vulnerability management.

InfoSec: For which technologies is demand dying?

West: Traditional firewall.

InfoSec: Who was the last security person you hired and what set that candidate apart from the pack?

Farmer: A lead security architect within a FTSE100 finance organization. What set this person apart from the pack was the ability to communicate technical solutions to the business, manage multiple stakeholders throughout the process, and breadth and depth of technical security experience.

InfoSec: Without naming specifics, what are the biggest security threats?

Farmer: Understanding where the next generation of security consultants are going to come from.

InfoSec: What is the most enjoyable part of the job?

West: Growing out a security function, allowing the organization to meet strategic objectives.

InfoSec: Which, if any, certifications and degrees do you see as important for hiring and career advancement?

Farmer: Certifications initially came in to the industry to validate the skills of hackers-cum-white hats, and really their purpose hasn’t changed. You can’t beat experience and a genuine passion for the subject, but a CISSP will always go a long way to showing commitment to on-going improvement and a sound broad knowledge. The MSc in information security helps to escalate candidates, promote professional maturity and shows the right level of willingness to progress.

InfoSec: What will get your resume thrown in the trash?

West: Misleading information, such as embellishing skills and experience or incorrect dates. Whether it be through the interview process, referencing or during probation, you will get found out. It’s better to be honest about any shortcomings. Employers want to develop people within a role.

InfoSec: What would you tell a secondary school student interested in a network security or cyber security degree?

Farmer: Ensure a breadth and depth of education whilst gaining as much real world experience as possible. Try to differentiate yourself during your education.

InfoSec: Which security sites do you visit?

West: SC Magazine, InfoSecurity, The Register, and of course LinkedIn and Twitter for a summary of everything

InfoSec: What’s the last security book you’ve read?

Farmer: Kevin Poulsen’s Kingpin has been on my Kindle to-read list for the last few weeks.

A Canadian currently based in Ontario, Canada, Ian is a researcher for InfoSec Institute. Over the years, he has written for a number of IT-related sites such as Linux.com, ITManagersJournal.com and ITBusiness.ca.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Website

+ =

About InfoSec

InfoSec Institute is the best source for high quality information security training. We have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. In the past 16 years, over 50,000 individuals have trusted InfoSec Institute for their professional development needs!

Join our newsletter

File download

First Name

Last Name

Work Phone Number

Work Email Address

Job Title

Why Take This Training?

How will you fund your training?

What is your training budget?

InfoSec institute respects your privacy and will never use your personal information for anything other than to notify you of your requested course pricing. We will never sell your information to third parties. You will not be spammed.

Comments

What is Skillset?

Skillset

Practice tests & assessments.

Practice for certification success with the Skillset library of over 100,000 practice test questions. We analyze your responses and can determine when you are ready to sit for the test. Along your journey to exam readiness, we will:

1. Determine which required skills your knowledge is sufficient
2. Which required skills you need to work on
3. Recommend specific skills to practice on next
4. Track your progress towards a certification exam